Adding Permissions to a Mailbox in Exchange 2007 for Group Mailbox

Posted on 2009-04-21
Last Modified: 2012-08-13
I have created a mailbox called IT Help.  I want to be able to have the IT staff add this mailbox to their existing Outlook client so that issues can be looked at by everyone.  The issue I am having is that all users that access this mailbox should have all access to move, change and send as permissions but no one but the administrator have access to delete messages.  I have been able to setup the users through powershell using Full access, which obviously works for testing access.  The problem I have now is that when I remove FullAccess, and leave, send-as, readpermission, changeowner, and changepermission, the user can no longer open the mailbox for viewing.  What I am I missing?  Thanks in advance for any assistance.
Question by:dakkonblackblade
    LVL 65

    Assisted Solution

    What you want to do isn't possible at the mailbox level.
    Exchange mailbox permissions are Full mailbox or Nothing at all. No middle ground.
    If you want to restrict the users then you have to grant the permissions through Outlook on each folder in Outlook.

    Basically you need to grant the permission at the top of the tree, so the mailbox can be opened, then set the permissions further down.

    The only additional permission they need for access is Send As.

    LVL 12

    Accepted Solution

    I think Mestha is correct, however, try the following in powershell: (Assume the group is called IT Staff)

    Add-ADPermission IT Help -User:IT Staff -ExtendedRights:Send-As -AccessRights:ReadProperty, WriteProperty -Properties:'Personal Information

    Not sure if this will help without the full access though.
    LVL 12

    Expert Comment

    Let's try this with the code snippet so it doesn't remove all my single quotes:
    Add-ADPermission IT Help -User:IT Staff -ExtendedRights:Send-As -AccessRights:ReadProperty, WriteProperty -Properties:'Personal Information

    Open in new window

    LVL 12

    Expert Comment

    Well heck. OK, those tab characters are single quotes. :P
    LVL 12

    Expert Comment

    *Sigh* They are double-quotes. I'm going back to bed.

    Author Closing Comment

    Thank you all.  I appreciate the feedback.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    Create high volume marketing opportunities using email signatures with these top 10 DOs and DON'Ts of email signature marketing.
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
    In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now